An international operation four years in the making between Australian, North American and Canadian authorities has taken down one of the world’s largest — and coincidentally most annoying — fraud groups: the infamous phone scammers posing as Microsoft tech support employees. Here’s how it all went down.

Australia was the first country to be hit by the Microsoft tech support scam in a fraud operation that spanned the globe.

In 2009, the phone rang at the Australian Communications and Media Authority (ACMA). It was someone calling to complain. Not a new thing for the ACMA, but this was the start of something big. Something that would sweep the world, taking innocent users wanting to stay safe online for millions of their dollars.

The first caller to the ACMA complained about receiving an unsolicited marketing call from someone saying they were from Microsoft. It was not only unusual, but illegal that this person was called, seeing as how they were one of the eight million Australians registered on the ACMA’s Do Not Call register. Pretty soon, the phones were ringing off the hook at the ACMA as Do Not Call registrants began flooding the agency with complaints about Microsoft scam callers.

What were these scammers doing to draw the ire of so many people?

Here’s how the scam ultimately works: a scammer calls you posing as a Microsoft employee. Seeing as how Windows is the dominant platform, it’s a fair bet they’ll get someone they can work with. The “Microsoft employee” tells you that they’ve detected a problem, breach, glitch or error in your PC, and walks you through a support process to remedy your problem. Herein lies the rub: by following the steps, you open up your computer to the very hackers these scammers tell you you’re protecting yourself against.

Adding insult to injury, the scammers then hit callers up for a “service fee” for giving you such great protection. So not only do they have your credit card, but now they have everything they need to break into your computer at a later date and pinch (or place) whatever they like. Computers that fall victim to the scam are often used in botnets for spam distribution or they’re just used as keyloggers, waiting to scoop up the details of an unsuspecting user.

It’s worth mentioning early on — despite the fact that none of you are gullible enough to fall for it — that nobody calling about a “problem” with your computer that you haven’t noticed before is legitimate, and if you’re concerned, hang up on them.

Upon realising what was going on, the ACMA moved quickly to fight back, and to tackle a problem this huge, it needed international help. The ACMA passed the scam alert on to the Federal Trade Commission (FTC) in the US.

That was in 2009. Three years on from the first report to the ACMA about the Microsoft scammers, over 10,000 complaints have been recorded. The ACMA says that the worst point came two years ago, when every second complaint to the agency was about the Microsoft scammers. This was in 2011 — a year when scam activity had doubled on the previous period. 52 per cent of the 83,000 scam complaints the ACMA received in 2011 presented as phone scams. All in all, in those 12 months, Australians lost a total of $85.6 million to various scammers.

It had to stop.

The ACMA intensified its efforts and worked with other agencies around the world — including the Canadian Radio-Television and Telecommunications Commission — to bust the scammers.

Today, in the wee hours of the morning via video link to the US, ACMA chairman Chris Chapman said that the scammers’ reign was finally over.

The FTC in the US recently won court orders against the US-based parties involved in the Microsoft calls scam. These are the first individuals to be caught in connection with the scam. They’ve had their assets frozen and they are presumably now awaiting a hearing over fraud charges.

Update: Here’s how the FTC moved on the scammers to shut down their massive operation:

FTC papers filed with the court alleged that the scammers hoped to avoid detection by consumers and law enforcers by using virtual offices that were actually just mail-forwarding facilities, and by using 80 different domain names and 130 different phone numbers.

The FTC charged the defendants with violating the FTC Act, which bars unfair and deceptive commercial practices, as well as the Telemarketing Sales Rule and with illegally calling numbers on the Do Not Call Registry. It asked the court to permanently halt the scams and order restitution for consumers.

The ACMA’s own Chris Chapman said that these busts prove that the law will catch up to scammers eventually.

“The message for scammers is they cannot use the global and borderless world of communications to avoid laws that protect Australians against scams. With new scams appearing more frequently, our citizens need to be vigilant and not respond to insidious trickery,” he said via video link today.

Discuss

Great news that these bottom-dwelling scum-suckers are finally shut down.

My elderly parents were initially taken in by them, and had been convinced to install malware on their PC by the time I found out what was happening. Fortunately I was able to intervene in time, and when the scammers called back, I stuffed them around no end, and then scared the hell out of them telling them the police had just successfully traced their phone line.

No doubt others will set up in their place. But the more we spread the word, the less success they'll have.

This actually happened to me once, they rang and tried to make me do all the steps and at the end I said "do you need to have the internet for this" and the guy legit yelled at me and used some vulgar language I wouldn't say at the pub!

Got a call from these guys and wasted as much of their time as possible by asking stupid questions like 'how do I turn the computer on' and 'which mouse button do I press'. Eventually they hung up when I said I couldn't find the start button, just a little apple.

A good friend of mine had them call. Had her open up the event viewer and then told her that the red Xs she was seeing were the issue (of course any Windows computer will have various errors listed here, usually completely harmless to the end user). Her saving grace was that they couldn't get past her modem's firewall to allow them remote control. Then she called me, and it took a while for me to convince her it was a scam.

I had several funny times with them; the best was getting one going for about half an hour....
He hung up after abusing me, another who swore at me was a supervisor.... Was awesome hearing him lose it :)

The first call I received, I hung up rather quickly, and regretted it. Finally, I received another one some months later, and this time dragged it all the way out for as long as I could. The best way to get back at them is to waste their time. I'll never forget everyone in the room in hysterics, as I read out an event log entry to him that said "Error: Beware of smelly phone scammers".

I got these guys a couple of times. Pretended to go to their remote access site. Kept spelling back the password they gave me as f u k o f f. Had nothing better to do that day, so kept them online close to 40 minutes. Later added the URL to my home gateway's blocked site list.

I've had heaps of these calls, originally I used to give them a tirade of abuse for wasting my time but they still kept ringing, I then would pretend I was taking this seriously and say that I had to switch the PC on and it was in the study and I'd be back, when I returned about an hour later they were gone! Amazingly they rang back later that night and reminded me that I was going to turn my computer on for them, so I went through the same thing and after another hour they were gone again, haven't heard back.

They called me, and they said my Windows computer had a virus and I asked which one cos we have many and he just kept saying that it was one of my computers and then I said we don't have any computers and they hung up...

I just told them I didn't have a computer, they said they didn't believe me. I asked them what sort of computer they had records of me having and I asked for their telephone number to ring them back, they hung up.

I may have got one of these callers, I don't know. Whenever I get unsolicited calls I always take control of the conversation and ask where they got my number, remind them that I am on the DNC list and politely ask them to remove me from their system. Sometimes this takes a while.

I remember reading this article a while ago on how low-tech their attack actually is. It is surprising really, as I would have assumed they would have installed some malware, but from the scam recorded in this article it is almost entirely social engineering.